Re: Does Net-SNMP support AES192 or AES256?
Simon, The USM AES192 and AES256 support is based upon an Internet Draft, which never became a standard - therefore, you have to pass "--enable-blumenthal-aes" to ./configure. (You don't have to enable TSM or the TLS transports; that's a whole different kettle of fish.) Bill On Fri, Apr 6, 2018 at 12:01 PM, Simon Chamlian wrote: > Thanks for the tip. > > I did compile with the following options: > > --disable-embedded-perl > --without-perl-modules with_endianness=big > --enable-mini-agent > --with-default-snmp-version="3" > --enable-ipv6 > --disable-debugging > --with-sys-contact="who@where" > --with-logfile="/var/log/snmp" > > *--with-transports="DTLSUDP TLSTCP" --with-security-modules="tsm" * > > > Still when I put > > createUser User2 MD5 "passwrd-00" AES192 (or AES-192) "default-00" > > I get an error message: > > snmpd.conf: line 27: Error: unknown privProtocol > > So does SNMP 5.8 support AES192 and AES256? > Is it another syntax I need in snmpd.conf? > > Thanks, > > S. > > > > > On Thu, Apr 5, 2018 at 5:14 PM, Keith Mendoza wrote: > >> Simon, >> Those options have to be enabled in the configure options. I suggest >> building with the following configure options: >> --with-transports="DTLSUDP" --with-security-modules="tsm" >> >> There might be other configure options that you need to make it work. >> >> Just note though that SNMPv3 RFC _does not_ specify AES192 and AES256; >> they specified some older algorithms that were "latest and greatest" >> at the time it was being drafted :( >> >> Thanks, >> Keith >> Thanks, >> Keith >> >> >> On Thu, Apr 5, 2018 at 1:54 PM, Simon Chamlian >> wrote: >> > >> > >> > >> > Hi, >> > >> > Does Net-SNMP support AES192 or AES256? >> > >> > According to this link >> > >> > http://www.net-snmp.org/wiki/index.php/Strong_Authentication >> _or_Encryption >> > >> > The short answer is Yes, starting with release 5.8 AES193 and AES256 >> are an >> > optional configure option. >> > >> > So I downloaded version 5.8.pre2 and tried: >> > >> > >> > createUser user2 SHA "passwrd-00" AES192 "default-00" >> > rwuser user2 >> > >> > createUser user3 SHA "passwrd-00" AES256 "default-00" >> > rwuser user3 >> > >> > >> > Does not work. I get an error: >> > snmpd.conf: line 27: Error: unknown privProtocol >> > snmpd.conf: line 31: Error: unknown privProtocol >> > >> > Any insight will be highly appreciated. >> > >> > S. >> > >> > >> > >> > >> > >> -- >> > Check out the vibrant tech community on one of the world's most >> > engaging tech sites, Slashdot.org! http://sdm.link/slashdot >> > ___ >> > Net-snmp-coders mailing list >> > Net-snmp-coders@lists.sourceforge.net >> > https://lists.sourceforge.net/lists/listinfo/net-snmp-coders >> > >> > > > > -- > Check out the vibrant tech community on one of the world's most > engaging tech sites, Slashdot.org! http://sdm.link/slashdot > ___ > Net-snmp-coders mailing list > Net-snmp-coders@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/net-snmp-coders > > -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot___ Net-snmp-coders mailing list Net-snmp-coders@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/net-snmp-coders
Re: IRC chat to help our new guard get on board?
net-snmp developers, Please join us for an IRC chat on #newguard at freenode.net on April 12 5:30 AM PDT/6:30 AM MDT/7:30 AM CDT/8:30 AM EDT/12:30 PM UTC for a meet-and-greet with ICEI's newguards who wants to contribute to the net-snmp project. Looking forward to chatting with you guys. Thanks, Keith On Wed, Apr 4, 2018 at 10:18 PM, Eric S. Raymond wrote: > Keith Mendoza : >> So far, this is the time that may work for everyone if we do it the >> week of April 8 (UTC and US time zones): 5:30 AM PDT/6:30 AM MDT/7:30 >> AM CDT/8:30 AM EDT/12:30 PM UTC--6:00 AM PDT/7:00 AM MDT/8:00 AM >> CDT/9:00 AM EDT/1:00 PM UTC. >> >> Eric, >> How do you feel about having the meeting the week of April 16 to see >> if we can get better timing and more people to come? > > I don't have a preference. I think you're collecting better information > to base a decision on than I am. > -- > http://www.catb.org/~esr/";>Eric S. Raymond > > My work is funded by the Internet Civil Engineering Institute: > https://icei.org > Please visit their site and donate: the civilization you save might be your > own. > > -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot ___ Net-snmp-coders mailing list Net-snmp-coders@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/net-snmp-coders
Re: snmpd log file
Hi Simon, Hope you're doing well. These weird looking messages are actually representation of the data that is sent from an snmpd agent to a sub-agent or vice versa. Generally, when I'm starting my snmpd agent's binary I use the following command: *./snmpd -d -Lo -f -c /{Path_to_snmp.conf}/snmpd.conf* Note the flag -d which indicates that debug mode is on, and the agent will log/print all the incoming or outgoing packets byte by byte. To disable these debug messages, you can skip the -d flag and instead use the following command: *./snmpd -Lo -f -c /{Path_to_snmp.conf}/snmpd.conf* Hope it solves your problem. (By the way, I'm just a beginner with SNMP protocol and net-snmp library. So pardon me for some mistakes, which might be there in my understanding. @snmp devs: please correct me, if I've misinterpret something.) Thanks & Regards, Ashutosh Kumar On Fri, Apr 6, 2018 at 1:52 AM, Simon Chamlian wrote: > Hi, > > I am seeing some weird messages in the log file generated by snmpd. > > Example: > > Sending 194 bytes to UDP: [172.27.37.227]:60682->[172.27.42.214]:161 > : 30 81 BF 02 01 03 30 0D 02 01 0A 02 02 05 C0 04 > 0.0. > 0016: 01 01 02 01 03 04 2E 30 2C 04 0D 80 00 1F 88 80 > ...0,... > 0032: 23 29 E6 83 5A C5 2C 68 02 01 0A 02 01 48 04 05 > #)..Z.,h.H.. > 0048: 41 64 6D 69 6E 04 0C 8D 14 AF 4A EF E3 C7 E0 13 > hello.J. > 0064: 8D 33 96 04 00 30 7B 04 0D 80 00 1F 88 80 23 29 > .3...0{...#) > 0080: E6 83 5A C5 2C 68 04 00 A2 68 02 01 0A 02 01 00 > ..Z.,h...h.. > 0096: 02 01 00 30 5D 30 17 06 0F 2B 06 01 04 01 A2 70 > ...0]0...+.p > 0112: 02 03 04 01 01 01 02 08 40 04 C0 03 01 FD 30 17 > @.0. > 0128: 06 0F 2B 06 01 04 01 A2 70 02 03 04 01 01 01 02 > ..+.p... > 0144: 08 40 04 C0 03 01 FD 30 13 06 0F 2B 06 01 04 01 > .@.0...+ > 0160: A2 70 02 03 04 01 01 01 03 08 04 00 30 14 06 0F > .p..0... > 0176: 2B 06 01 04 01 A2 70 02 03 04 01 01 01 04 08 02 > +.p. > 0192: 01 02 .. > > > Received 192 byte packet from UDP: [172.27.37.227]:60682->[172.27.42.214]:161 > > > > > How can I disable these messages? > > I cannot even find them in source code to comment them out. > > Thanks, > S > > > > > > > -- > Check out the vibrant tech community on one of the world's most > engaging tech sites, Slashdot.org! http://sdm.link/slashdot > ___ > Net-snmp-coders mailing list > Net-snmp-coders@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/net-snmp-coders > > -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot___ Net-snmp-coders mailing list Net-snmp-coders@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/net-snmp-coders
Re: Some bugs that need closing
On 04/06/2018 11:33 AM, Keith Mendoza wrote: After going through the list, we feel that any bugs created before 2012 Nov 8 should just be closed/dropped at this point. That way we can focus our efforts on working on bugs that are left after that date. I can explain the reasoning behind /this/ particular date. If you sort the list of open bugs by last modification time you will find about 380-something bugs with identical modification dates. Clearly something was done to the database at that time - perhaps an upgrade - and those bugs haven't been touched since. I have a difficult time seeing a lump of bugs that haven't been touched in five and a half years as vital to keep open. If someone knows of specific bugs in that time-frame which are still relevant please point us at them, but the undifferentiated mass just increases the bug counter to no benefit. -- /"In the end; what separates a Man, from a Slave? Money? Power? No. A Man Chooses, a Slave Obeys."/ -- Andrew Ryan /"Utopia cannot precede the Utopian. It will exist the moment we are fit to occupy it."/ -- Sophia Lamb -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot___ Net-snmp-coders mailing list Net-snmp-coders@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/net-snmp-coders
Re: Some bugs that need closing
net-snmp dev team, Ian and I went through another round of going through the bug lists for ones that we feel can either be closed, or placed in WONTFIX: * 1989, 2490, 2101, 1765, 2554: These have proposed patches that doesn't appear to have been applied. * 2438: Fixed in patch 1249, which is merged. * 2462: user had a different version of a library. * 2327, 2282 2558: These 3 are issues related to the Perl binding printing messages to STDERR. Patch 1285 as containing the solution. * 2769: Website has been back up since March 2018 after the migration. * 2576, 2577: The POC code is suspect to me. Code will never do snmp_close(); who knows what cleanup is never happening with this not happening at program termination. At least they didn't website with a flashy name. * 2479: Gives screenshot *sigh* but no other info. * 2429: Not enough info to show that there's indeed a leak. After going through the list, we feel that any bugs created before 2012 Nov 8 should just be closed/dropped at this point. That way we can focus our efforts on working on bugs that are left after that date. Thanks, Keith Thanks, Keith On Sun, Apr 1, 2018 at 7:21 AM, Ian Bruene wrote: > > > On 03/31/2018 02:18 PM, Bill Fenner wrote: > > On Wed, Mar 28, 2018 at 1:09 PM, Ian Bruene wrote: >> >> >> #2823 Is fixed. > > > This was the one that you later mentioned on irc, and the formatting misled > you into thinking that it was fixed but it isn't? > > > Yes, looking into it now. > > > [various closings] > > Thanks! > Bill > > > Thanks! > > -- > "In the end; what separates a Man, from a Slave? Money? Power? No. A Man > Chooses, a Slave Obeys." -- Andrew Ryan > > "Utopia cannot precede the Utopian. It will exist the moment we are fit to > occupy it." -- Sophia Lamb > > > -- > Check out the vibrant tech community on one of the world's most > engaging tech sites, Slashdot.org! http://sdm.link/slashdot > ___ > Net-snmp-coders mailing list > Net-snmp-coders@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/net-snmp-coders > -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot ___ Net-snmp-coders mailing list Net-snmp-coders@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/net-snmp-coders
Re: Does Net-SNMP support AES192 or AES256?
Thanks for the tip. I did compile with the following options: --disable-embedded-perl --without-perl-modules with_endianness=big --enable-mini-agent --with-default-snmp-version="3" --enable-ipv6 --disable-debugging --with-sys-contact="who@where" --with-logfile="/var/log/snmp" *--with-transports="DTLSUDP TLSTCP" --with-security-modules="tsm" * Still when I put createUser User2 MD5 "passwrd-00" AES192 (or AES-192) "default-00" I get an error message: snmpd.conf: line 27: Error: unknown privProtocol So does SNMP 5.8 support AES192 and AES256? Is it another syntax I need in snmpd.conf? Thanks, S. On Thu, Apr 5, 2018 at 5:14 PM, Keith Mendoza wrote: > Simon, > Those options have to be enabled in the configure options. I suggest > building with the following configure options: > --with-transports="DTLSUDP" --with-security-modules="tsm" > > There might be other configure options that you need to make it work. > > Just note though that SNMPv3 RFC _does not_ specify AES192 and AES256; > they specified some older algorithms that were "latest and greatest" > at the time it was being drafted :( > > Thanks, > Keith > Thanks, > Keith > > > On Thu, Apr 5, 2018 at 1:54 PM, Simon Chamlian > wrote: > > > > > > > > Hi, > > > > Does Net-SNMP support AES192 or AES256? > > > > According to this link > > > > http://www.net-snmp.org/wiki/index.php/Strong_ > Authentication_or_Encryption > > > > The short answer is Yes, starting with release 5.8 AES193 and AES256 are > an > > optional configure option. > > > > So I downloaded version 5.8.pre2 and tried: > > > > > > createUser user2 SHA "passwrd-00" AES192 "default-00" > > rwuser user2 > > > > createUser user3 SHA "passwrd-00" AES256 "default-00" > > rwuser user3 > > > > > > Does not work. I get an error: > > snmpd.conf: line 27: Error: unknown privProtocol > > snmpd.conf: line 31: Error: unknown privProtocol > > > > Any insight will be highly appreciated. > > > > S. > > > > > > > > > > > -- > > Check out the vibrant tech community on one of the world's most > > engaging tech sites, Slashdot.org! http://sdm.link/slashdot > > ___ > > Net-snmp-coders mailing list > > Net-snmp-coders@lists.sourceforge.net > > https://lists.sourceforge.net/lists/listinfo/net-snmp-coders > > > -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot___ Net-snmp-coders mailing list Net-snmp-coders@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/net-snmp-coders